Attack Type

Social Engineering

Generative AI lowers the cost of social engineering by orders of magnitude. Spear-phishing emails that previously required a fluent writer and target research are now produced in seconds with reasonable per-target personalisation. Voice cloning (ElevenLabs, OpenVoice, and others) enables real-time impersonation of executives and family members; multiple confirmed business-email-compromise and CFO-fraud incidents in 2023-2024 used cloned voices. Deepfake video is good enough for short verification clips and live calls under poor video conditions. Beyond direct attacks, AI-generated content fuels disinformation campaigns, fake review economies, and pig-butchering scams at unprecedented scale. AI Threat Alert tracks this category through CVEs in voice/face-recognition systems that fail to detect synthetic media, plus incidents in AIID (the AI Incident Database). Defenses: out-of-band verification for sensitive actions, deepfake detection layered with provenance signals (C2PA), and user education that assumes any voice or video can be faked.

63
Total CVEs
4
Pages
Page 3 of 4
Current
Severity CVE CVSS
MEDIUM CVE-2026-20258 5.4
HIGH CVE-2026-53823 8.1
MEDIUM GHSA-c9cv-mq2m-ppp3 -
MEDIUM CVE-2026-53841 6.1
HIGH CVE-2026-53849 8.1
HIGH CVE-2026-53857 8.1
MEDIUM CVE-2026-54303 -
MEDIUM CVE-2026-54006 4.3
HIGH CVE-2026-49276 -
CRITICAL CVE-2026-12048 9.3
MEDIUM GHSA-vmhf-c436-hxj4 -
HIGH CVE-2026-50132 7.3
MEDIUM CVE-2026-32052 6.4
HIGH CVE-2026-32971 7.1
MEDIUM CVE-2026-35647 5.3
MEDIUM CVE-2026-56358 5.4
UNKNOWN CVE-2026-50709 -
MEDIUM CVE-2026-56356 5.4
HIGH GHSA-xww8-gqvh-92x9 8.0
MEDIUM CVE-2026-55437 5.4

Page 3 of 4